Commit 62c8d9099c63

Vincent Demeester <vincent@sbr.pm>
2026-01-14 12:52:09
fix(xmpp): force Let's Encrypt ACME instead of minica
- Add an explicit server URL for Let's Encrypt production
- Add a DNS resolver for the DNS-01 challenge
- This should fix the certificate trust issue with XMPP clients

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
1 parent 2c1c176
Changed files (1)
systems/aion/xmpp.nix
@@ -42,9 +42,11 @@
   security.acme.certs."xmpp.sbr.pm" = {
     domain = "xmpp.sbr.pm";
     dnsProvider = "gandiv5";
+    dnsResolver = "1.1.1.1:53"; # Use Cloudflare DNS for DNS-01 challenge
     credentialsFile = config.age.secrets."gandi.env".path;
     group = "prosody"; # Allow prosody to read certificates
     reloadServices = [ "prosody.service" ]; # Reload prosody when certificates are renewed
+    server = "https://acme-v02.api.letsencrypt.org/directory"; # Use Let's Encrypt production
   };
 
   # Age secret for Gandi API (shared with rhea for DNS-01 challenge)
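Review bot: The `server` line added at the end of the attribute set only changes behaviour if `security.acme.defaults.server` is pointed at another CA somewhere outside this hunk, because an unset server already means Let's Encrypt production in the NixOS ACME module; if the default was never overridden, the trust problem more likely lies in which certificate path prosody loads, which this hunk does not touch. Pinning the production directory per certificate also bypasses the usual staging switch via `security.acme.defaults.server`, so a misconfigured renewal now burns Let's Encrypt production rate limits rather than staging ones, which is worth a comment on that line. The trailing comment on the `dnsResolver` line overstates what the resolver does: lego uses it for its own lookups around the challenge, while the CA validates the TXT record with its own resolvers, so `# Resolver lego uses for its own DNS lookups; the CA resolves independently` would describe it more accurately. The rest of the ACME configuration (terms acceptance, contact email, any defaults) is outside this hunk, so I cannot confirm the per-cert override is the only change needed.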